A team of researchers behind an anti-virus solution called Dr.Web warns about an ongoing phishing campaign targeting Russian Instagram users. Reportedly, the crooks have reached out to 200,000 users already, while the number of people who were converted into victims is yet unknown. The main topic of the phishing campaign is the supposed provision of one-off payments from the Russian government to citizens who would like to start their own company, called "Social Contracts Program." This financial aid offered to aspiring entrepreneurs was allegedly ordered by a presidential decree "No. 1122B, dated February 11, 2020," a piece of fake information that would give more credibility and lure potential victims.
The fraudsters tried to make the whole thing as convincing as possible, so they added even more content to create context. They set up bogus websites, edited actual news releases that were broadcasted by federal TV channels in the past to turn them into fake videos. They also wrote messages that looked official. The crooks have made an effort to add snippets of someone browsing the phishing websites, incorporating this crucial element to fake the news report. The TV channels used in the fraudulent campaign are Channel One Russia, Russia-1, and Russia-24, although the attack may include more at any time.
As for the posts that promote this campaign on social media, the scammers went through the trouble of leaving numerous fake comments, so that no one would suspect anything "phishy".
The two phishing websites involved right now are "https://news-post.*****.net/" and "https://minekonovrazv.*****.net/". Once the victims get there, they are requested to enter their full names and dates of birth, and then the website is automatically generating the amount of money for which they supposedly qualify. In almost all cases, this amount exceeds 100,000 rubles, which is approximately $1,570. While this amount may not be very attractive to everyone, many would still find it to be of great help during the harsh times that define today's Russian society.
For the victims to allegedly receive the amount, the website requests to verify their bank account and credit card information. They ask people to enter their credit card number, name on the card, CVC code, and phone number. All classic phishing MOs.
In addition to this, the malicious websites also request victims to pay a small fee of 300 Rubles ($47). This is supposedly required for the processing of the application and payment. So, once the targets follow all the steps, they lose the fee paid and all of their sensitive financial data is stolen along the way.